Merged to production. UAT regression and security review both passed.
- UAT: PASS (Deal Dottie — CAR-733)
- Security: PASS (Stockboy Steve)
- Code CI (lint + test): PASS on uat commit f159d50f
Note: build-and-push has a GHCR permission_denied failure (write_package) — separate infra issue, does not affect code correctness.
- Remove PostgreSQL-specific server_default from User.email_inbound_token.
The column has a Python-side default (secrets.token_urlsafe) that works
for both SQLite and PostgreSQL. The gen_random_bytes() server_default
caused sqlite table creation to fail.
- Add missing back_populates relationships to stub models so SQLAlchemy
mapper configuration succeeds. Purchase.user and Store.user_accounts
were missing, causing "has no property" errors during Base.metadata.create_all.
- Auto-fix ruff import sorting (I001) across all source and test files.
- Manually fix line-too-long (E501) in config.py.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Extract receiptwitness/ from the monorepo into cartsnitch/receiptwitness.
Inline the consumed modules from cartsnitch-common so there is no
cross-repo dependency.
- Add src/receiptwitness/shared/ with inlined models, schemas, constants, database
- Update all imports from cartsnitch_common to receiptwitness.shared
- Remove cartsnitch-common dependency from pyproject.toml
- Copy and update Alembic config (alembic.ini, alembic/)
- Update Dockerfile for standalone build context, add migration CMD
- Add CI workflow with lint, test, build, grype scan, deploy-dev, deploy-uat
- Add .grype.yaml
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Chris Farhood
savannah-savings-cto[bot]